|
"What hard drive? You mean that smoldering pile in the microwave?"
|
# ¿ Jan 24, 2016 22:38 |
|
|
# ¿ May 5, 2024 17:35 |
|
Hidden encrypted containers are a solved problem. Alternatively, do what the real CP rings do - RDP into a server with hardware encryption. The files never touch your computer.
|
# ¿ Jan 25, 2016 13:50 |
|
TheQat posted: http://www.ibtimes.co.uk/john-mcafee-i-can-hack-san-bernardino-iphone-fbi-apple-backdoor-like-giving-our-enemies-1544651

John McAfee is the answer to "What if Tony Stark was a real person?" and it's glorious.

“I would eat my shoe live on national television if we could not break the encryption on the San Bernardino iPhone.” - John McAfee
|
# ¿ Feb 18, 2016 18:35 |
|
The new place my SO works for implements two factor on their VPN with an automated phone call. To a softphone. On the same computer you're connecting from.
|
# ¿ Nov 2, 2021 22:15 |
|
Subjunctive posted: Something you have (a password written down), and something you know (how to answer the phone).

I literally LOL'd.
|
# ¿ Nov 2, 2021 23:54 |
|
MustardFacial posted: if it's Duo, then go into the Duo settings and change the number to your cell phone and set it as the primary contact.

Fortinet, but I'm not going to have her do anything that isn't in her handbook. I'm not their security consultant and I'm not sticking my dick in that.
|
# ¿ Nov 3, 2021 00:33 |
|
RFC2324 posted: do you know how much licensing on the dong module is? *shudder* There was a dongle joke right there and you whiffed it.
|
# ¿ Nov 3, 2021 03:00 |
|
Cup Runneth Over posted: and something you are (sitting at your desk)

It's a laptop.
|
# ¿ Nov 3, 2021 07:02 |
|
"I have issued a replacement power cable and referred the matter to facilities to replace the outlet."
|
# ¿ Nov 23, 2021 18:31 |
|
https://eo.m.wikipedia.org/wiki/Neanglabazitaj_programlingvoj#Programlingvoj_bazitaj_sur_Esperanto
|
# ¿ Nov 28, 2021 20:48 |
|
The NSA are all huge nerds and would totally be the ones to write an Esperanto programming language for the hell of it. Too bad they're also all lawful evil.
|
# ¿ Nov 28, 2021 21:42 |
|
I always thought of Ubiquiti as having really good hardware for the money but with perpetually beta software that may or may not eventually get all the features they promise. Which is great for certain market segments and terrible for others.
|
# ¿ Dec 3, 2021 01:50 |
|
CommieGIR posted: Its usually not that dramatic, but I've had a CIO actually ask why we didn't make more of a fuss when they signed off on owning the risk. "I'm here to protect the company, not you personally."

How dumb do you have to be to explicitly take on risk without understanding it? I know, I know. Let me pretend.
|
# ¿ Dec 9, 2021 17:09 |
|
I'm just going to continue as usual and if I get hacked they can see what kind of hosed up porn I watch and demand I pay 0.05BTC to decrypt all the pictures I save from the funny pictures thread.
|
# ¿ Dec 11, 2021 05:39 |
|
I think you're mixing them up. Exempt does not get overtime.
|
# ¿ Dec 13, 2021 22:24 |
|
Internet Explorer posted: one day I am going to learn2code so I can edit thread titles from my phone

Make me a mod so I can test it and I'll make a PR for the awful app with the functionality.
|
# ¿ Dec 15, 2021 05:07 |
|
Internet Explorer posted: I don't have GRANT MOD ACCESS rights.

The fact that you considered it for the briefest of seconds is probably why you don't.
|
# ¿ Dec 15, 2021 05:32 |
|
I'll never let The Man keep me down! Never!
|
# ¿ Dec 15, 2021 06:43 |
|
repiv posted: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html?m=1

That's just a standard buffer overflooooh. Oh my.
|
# ¿ Dec 16, 2021 03:26 |
|
Alternatively, we should be terrified that they realize the real money isn't in extorting a few thousand dollars out of people but in helping governments murder dissidents and destabilize countries. It's not that other hacking groups aren't skilled or smart enough to pull that kind of thing off, it's that once you realize the amount of effort that it would take, it's not worth it if it's going to get patched in a week. It's only worth it if you're reasonably sure that your targets are narrow enough that your techniques won't be found out. It would never happen but I'd be 100% on board with Congress passing a law saying the government isn't allowed to hack people for any reason. Intelligence, military and law enforcement should not be trusted with that poo poo. KillHour fucked around with this message at 06:29 on Dec 16, 2021 |
# ¿ Dec 16, 2021 06:24 |
|
DrDork posted: If you saw the process involved in government-sponsored hacking, I think you'd immediately stop worrying much about it.

I've done work with 3 letter agencies before and I worry very much about it.

The Iron Rose posted: uh I for one do want my government, military, and intelligence services to be able to hack the computers of our geopolitical competitors, actually

Think about the people on intelligence committees and ask yourself if you're likely to agree with them on who to target.
|
# ¿ Dec 17, 2021 05:56 |
|
I never claimed they were trying to hack me. They're trying to hack political activists in countries half way around the world. And they need to stop.
|
# ¿ Dec 17, 2021 07:45 |
|
spankmeister posted:Governments need to both be able to hack stuff, and have oversight when doing so. This is a nonsense argument because the oversight can never come from a truly neutral arbiter because the decisions they make currently can't be public and can't be questioned. The constitution should be expanded to cover all humans regardless of citizenship or location and the government hacking individual accounts anywhere in the world should have the same level of oversight as a domestic wiretap, at a bare minimum. "But" I hear you say "you can't have a domestic judge sign a warrant authorizing the wiretap of a foreign national without that country's knowledge!" And that's my point - any hack of a foreign individual necessarily infringes on their human rights. You shouldn't be less of a human because you're not an American. Now, if you want to hack a foreign government itself, that's the domain of the military because it's a literal act of war and I'm sick of people minimizing the damage of a nation doing that to another just because it didn't involve bullets. Hacking another nation's infrastructure is a casus belli, full stop.
|
# ¿ Dec 17, 2021 09:38 |
|
Martytoof posted: source??

Sounds like you're having a rough time. Want to work with me as a consultant instead?
|
# ¿ Dec 17, 2021 14:25 |
|
Come to the dark side and
|
# ¿ Dec 17, 2021 14:31 |
|
Proud Christian Mom posted: Just turn it all off and come back to it Jan 3rd

It is inevitable that there will eventually be found an exploit so bad that it's cheaper to just not do any business for a couple weeks.
|
# ¿ Dec 17, 2021 19:45 |
|
BlankSystemDaemon posted: I'm not the dad of you or anything.

Maybe not, but I'm my own grandpa.
|
# ¿ Dec 17, 2021 20:08 |
|
Martytoof posted: Laughing at our HR blasting out “get ready for the holidays, today is a surprise half day, enjoy everyone!!” to the entire company while half of it is going to continue working through the weekend

Just forward it to your boss with the message "I'm turning my phone off".
|
# ¿ Dec 17, 2021 20:25 |
|
text editor posted: is surprise half day code for 'a bunch of people sent us positive civic tests and we don't wanna admit it so we'll send you home and hope it doesn't spread'?

Once you test positive for Civic you're stuck with it for at least 250k miles.
|
# ¿ Dec 17, 2021 21:21 |
|
Achmed Jones posted: and that string is searched for format strings to be replaced recursively.

This is the problem right here, and it blows my mind nobody thought this was a terrible idea.
|
# ¿ Dec 19, 2021 17:57 |
|
In case anyone hasn't seen it https://youtu.be/qM3imMiERdU
|
# ¿ Dec 28, 2021 02:24 |
|
Fart Amplifier posted: "at least" is cold comfort. All major vendors have had major vulnerabilities like this. ChaosDB, GSuite allowing random people to add themselves as superadmins on any enterprise, and now AWS with something similar. It's only a matter of time before one of these gets discovered by Russian or Chinese actors first.

They definitely have at least once, but state actors are going to show some restraint in actually using it, so it's unlikely we would know.

Ensign Expendable posted: When I worked for a pharma company there was a bunch of stuff I had to do mandated by CFR, but for every requirement given there was a number attached (21 CFR Part 11 is the one that I specifically remember, this was over a decade ago so I forgot the others). Just saying "it's in CFR" is kind of pointless since there is no way for you to actually establish what you're required to do.

This is the point. The CISO wants people to do whatever she says without question.

KillHour fucked around with this message at 18:42 on Jan 13, 2022 |
# ¿ Jan 13, 2022 18:37 |
|
Friendly reminder that NSO Group made their own operating system that runs inside a loving image decoder.
|
# ¿ Jan 13, 2022 21:42 |
|
It really isn't though. They used the fact that the image decoding instructions are Turing complete to build enough of an instruction set to load and run the exploit.
|
# ¿ Jan 14, 2022 03:59 |
|
Martytoof posted: lmao it's amazing at how much money some of my employers have spent on external parties to tell them exactly what someone they already pay said to do.

I'm a consultant and my customers will hire consultants from other companies just to get a second opinion on my advice. If it's what they want to hear, you only need to tell them once. If it's not, they will go out and pull a Fox News and find the one person on earth with valid credentials who says HTTP is just fine and HTTPS is a scam by Verisign.
|
# ¿ Jan 20, 2022 17:23 |
|
BaseballPCHiker posted: This company is paying Amazon a huge sum of money to basically walk them through AWS's Well-Architected Framework, that is in the works. But they don't seem to want to actually do anything with the recommendations.

My favorite tool for illustrating this is the HIPAA WALL OF SHAME https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Even if they're not under HIPAA regulations, the point is to show that poo poo happens regularly and has real consequences (to the extent that the legal fiction of a company being forced to pay the legal fiction of money counts as real consequences).

Edit: I highly recommend expanding them and browsing the descriptions.

quote: The covered entity (CE), Jackson County Health Department, reported that an employee failed to use the blind carbon copy function and inadvertently emailed the electronic protected health information (ePHI) of 1,000 individuals to unauthorized recipients. The ePHI involved included names, email addresses, and vaccination information. The CE notified HHS, affected individuals, and the media. In response to the breach, the CE sanctioned and retrained the responsible employee on the proper methods of protecting and safeguarding ePHI.
|
# ¿ Jan 20, 2022 17:45 |
|
Sickening posted: Lol, this QNAP thing is huge. Anyone I know with a qnap got owned. My poor synology just sits here, unowned.

I have an 8 bay Dell server and a 12 bay DAS loaded with 2TB drives from a previous company that was getting rid of them. And now you can get the same amount of storage in 2 drives for a grand.
|
# ¿ Jan 28, 2022 06:11 |
|
CommieGIR posted: Yeah, the large capacity drives are great, but your DAS can sustain r/w faster than those large disks. Without a lot of caching, those big disks are really loving slow.

Yeah, but I am past the part in my life where I want to actually do anything where that matters. I don't have time to maintain a datacenter in my basement anymore.
|
# ¿ Jan 28, 2022 17:42 |
|
RFC2324 posted: Hire a dct

"Do you have any questions for me?"

"Yes... what does your company do."

"Nothing. I just have all these servers and I feel like I need to use them for something. Host a Minecraft server or something, IDGAF."
|
# ¿ Jan 28, 2022 19:51 |
|
|
I had the opposite problem today. Someone ran an automated scan for vulnerabilities in the repo and a PR of mine came up because it had a "password" in it. Granted, the field name had password in it and the random rear end string looked like a password, but when asked, I explained that the file is generated by the system automatically and the "password" in that field isn't actually ever used anywhere and you can't use it to log into anything (it's used in bootstrapping an on-prem deployment, which they don't have, so it's never used. Even if they did have an on prem deployment, it's for a temporary account that is deleted after the cluster is started for the first time. It just has to be there for that first boot up). Apparently, this did not satisfy them and I got lots of finger wagging from everyone he could find to give a poo poo for uploading a "password" to Git. Like, I'm sorry I set off your vulnerability scanner, but listen to what I'm telling you.
|
# ¿ Feb 5, 2022 05:32 |